Security descriptor (SD) in Security Descriptor Definition Language (SDDL) that controls access for events delivered to the filter. Use this property to specify that only events in the security context of specific accounts can be delivered to this filter. For example, a permanent event consumer may clear the security logs only when a specific event is generated by a specific user. To specify who can publish events to this filter, use the WBEM_RIGHT_PUBLISH mask in the Access Control Entry (ACE) for the SECURITY_DESCRIPTOR property. For more information, see Security Descriptor Definition Language. For more information about constants used to set this security descriptor, see WMI Security Constants. For more information and examples, see replace:Receiving Events Securely.

You can configure an event access security descriptor to allow an event to be delivered only when the local system account generates the event. For more information about creating security descriptor and authorizing access, see Access Control.

Example: The following SDDL string allows only administrators to provide events to the filter. The right required to provide events is WBEM_RIGHT_PUBLISH (x80).

Unique identifier of an event filter. Because an event filter is only used internally by WMI, it is recommended that you set this property to a globally unique identifier (GUID) converted to a string. However, consumers can use any private scheme for a filter name as long as there is not a conflict with other filters.

Query

Data type: string

Access type: Read/write

Windows Management Instrumentation Query Language (WQL) event query that specifies the set of events for consumer notification, and the specific conditions for notification.

QueryLanguage

Data type: string

Access type: Read/write

Language used for the query. Because WMI currently supports only WMI Query Language (WQL) as a query language, this property must be set to "WQL".